微信扫一扫加我哦~
信息安全技能树职位建议
小迪渗透吧-提供最专业的渗透测试培训,web安全培训,网络安全培训,代码审计培训,安全服务培训,CTF比赛培训,SRC平台挖掘培训,红蓝对抗培训!•2020-06-05•安全文档• 5688• 0•A+ A-
信息安全技能树职位建议
Burp Suite
https://portswigger.net/burp/
很多时候,免费版本已经满足需求
Fiddler
http://www.telerik.com/fiddler
Firefox
Firebug
NoScript
Chrome
F12
WhatWeb
w3af
sqlmap
XSS'OR
http://xssor.io/
端口扫描
Nmap
https://nmap.org/
https://highon.coffee/blog/nmap-cheat-sheet/
Zmap
https://www.zmap.io/
masscan
Hydra
https://www.thc.org/thc-hydra/
Metasploit
https://www.metasploit.com/
流量
参见: 流量
Wireshark
https://www.wireshark.org/
TShark
https://www.wireshark.org/docs/man-pages/tshark.html
Tcpdump
http://www.tcpdump.org/
Snort
https://www.snort.org/
Bro
https://www.bro.org/
Moloch
http://molo.ch/
Suricata
https://suricata-ids.org/
漏洞环境
Metasploitable3
WebGoat
DVWA
XVWA
网络空间搜索引擎
Google
ZoomEye
https://www.zoomeye.org/
Shodan
https://www.shodan.io/
Censys
https://censys.io/
漏洞库
Exploit-DB
https://www.exploit-db.com/
https://www.exploit-db.com/searchsploit/
Seebug
https://www.seebug.org/
0day.today
http://0day.today/
洛马七步杀
参见: 假设自己正被“洛马七步杀”
http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html
Penetration Testing Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
端口转发
最基础的SSH隧道
https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/index.html
iptables -t nat
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html
rtcp.py
姿势大全
https://artkond.com/2017/03/23/pivoting-guide/
Reverse Shell Cheat Sheet
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
部分框架
Kali Linux
http://tools.kali.org/tools-listing
Pentest Box
https://pentestbox.org/
Maltego
https://www.paterva.com/web7/
The Social-Engineer Toolkit (SET)
Nmap
Metasploit
BeEF
http://beefproject.com/
mitmproxy
https://mitmproxy.org/
暴力美学
不需要必须放线上的服务都下线
默认关闭所有端口,只开需要的
服务器登录只允许公私钥形式
干掉一切明文传输
使用口碑好的第三方服务及组件
备份备份再备份
假设自己正被“洛马七步杀”
参见: 洛马七步杀
部分工具
流量
参见: 流量
Security Onion
https://securityonion.net/
OSSEC
https://ossec.github.io/
Splunk
https://www.splunk.com/
ELK
Lynis
https://cisofy.com/lynis/
iptables/防火墙
JWT
https://jwt.io/
资料
程序员与黑客系列
http://www.infoq.com/cn/presentations/programmers-and-hackers
http://www.infoq.com/cn/presentations/programmers-and-hackers-part02
实用性开发人员安全须知
SaaS型初创企业安全101
JavaScript
jQuery
Bootstrap
前端框架,不仅JavaScript
Node.js
https://nodejs.org/
npm
https://www.npmjs.com/
PEP 8编程习惯
https://www.python.org/dev/peps/pep-0008/
urllib2
socket
requests
框架
Scrapy
爬虫框架
Django
Web开发框架
并发
thread/threading
multiprocessing
gevent
pip
https://pypi.python.org/pypi
Go
https://tour.go-zh.org/list
bsddb
SQLite
MySQL
MongoDB
Cassandra
ELK
Elasticsearch
Logstash
Kibana
Neo4j
Redis
Memcached
Hadoop
JSON
XML
cPickle
protobuf
调试工具
Kodos
RegexBuddy
https://regexper.com/
正则表达式30分钟入门教程
https://deerchao.net/tutorials/regex/regex.htm
Python
http://wiki.ubuntu.org.cn/Python正则表达式操作指南
VIM
简明 VIM 练级攻略
http://coolshell.cn/articles/5426.html
Markdown
Git
https://try.github.io/
FreeMind/XMind
yEd
Evernote
Windows
Putty
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
WinSCP
SysinternalsSuite
Mac
iTerm2
http://www.iterm2.com/
Homebrew
https://brew.sh/
Linux
Bash
tmux/screen/grep/zgrep/awk/sed/cut/find/du/df/dd/ls/cat/cd/pwd/id/free/ps/netstat/vmstat/top/crontab/tree/tail/head/vi/ifconfig/lsof/dig/mount/strings/uname/echo/history/tar/unzip/gzip/zip/diff/md5sum/file/base64/rm/mv/gcc/kill/chown/chmod/last/whoami/strace/ltrace/iptables/nohup/nc/scp/ssh/telnet
隔离
VMware
VirtualBox
Parallels Desktop
Docker
FQ
proxychains
暗网
https://alphabaymarket.com/
硬件
iPhone+iPad+Mac
ThinkPad
云服务
VPS
AWS
Linode
Vultr
DigitalOcean
Dropbox
OneDrive
Google Docs
Email
Gmail
Outlook
ProtonMail
安全
GPG
https://gnupg.org/download/index.html
TrueCrypt
情报跟进
Inoreader
Twitter
V1 By @余弦 201709
联系我:evilcos@gmail.com
更新动态关注微信公众号:懒人在思考
工欲善其事必先利其器
世界之大总有一款利器适合你
特别说明
这份技能树最适合走向安全工程化之路的人
这份技能树以利器为主要出发点进行梳理
- 文章关键词
- 思维导图
- 笔记
- 手册